Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pillow Heap-based Buffer Overflow | Vulnerability CWE-122 | CVE-2023-4863 | CVSS 9.6 #88

Open
FarmerManUK24 opened this issue Jan 31, 2025 · 0 comments
Open

pillow Heap-based Buffer Overflow | Vulnerability CWE-122 | CVE-2023-4863 | CVSS 9.6 #88

FarmerManUK24 opened this issue Jan 31, 2025 · 0 comments
Assignees
@pjannaty
Labels
enhancement New feature or request

Comments

@FarmerManUK24
Copy link

Morning

I downloaded Nvidia's Github repository for Cosmos and immediately ran some existing security tools on the source code.

I like SNYK security tool.

Image

Image

While running Cosmo repository through SNYK, the tool identified 1 CRITICAL and 11 HIGH security vulnerabilities. Forwarding for your awareness. Know these tools can sometime create False Positives. Below is descriptor on the CRITICAL alert.

https://security.snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878

SNYK is a great tool if you've never used it for security testing.

Great work folks.

Frank
@sophiahhuang sophiahhuang added the enhancement New feature or request label Jan 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pjannaty pjannaty

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sophiahhuang @pjannaty @FarmerManUK24